Users with SENSITIVE_VIEW privileges will be able to see and act on tickets marked sensitive, as will any user configured to be able to bypass the sensitive marker. For example, his happens in the case the user is the ticket owner or reporter or is in the CC field, and the associated flags are set in [sensitivetickets] section of trac.ini.

This plugin also adds the SENSITIVE_ACTIVITY_VIEW permission, which is narrower in scope than SENSITIVE_VIEW. Accounts with SENSITIVE_ACTIVITY_VIEW will be able to see activity on sensitive material in the timeline, but will only be able to identify it by ticket number, comment number and timestamp. All other content will be redacted.
SENSITIVE_ACTIVITY_VIEW can be useful (for example) for providing a notification daemon the ability to tell that some activity happened without leaking the content of that activity.

Needs an environment upgrade or just adding the appropriate stanza to [ticket-custom] in trac.ini after enabling.

Example

Scenario 1

A user submits a security related ticket to a project's Trac, which is generally open to the public. They mark it as "Sensitive" so that only people in the internal team that deal with security issues can see the ticket.

Scenario 2

A team uses Trac to handle its business development tasks, but wants to leave the record open for all. Some tasks, however, say, dealing with difficult clients, are sensitive. Those tickets are marked as sensitive and hidden to others, but viewable by the business development team.